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1 Product Positioning 

Today 24*7 availability of zOS systems and it’s applications is a prerequisite for an efficient 
support of business processes and thereupon meeting company targets. 

This challenge demands to value and analyze the risk of unplanned outages for vital 
applications. The risk of the potential loss of money, forced by unavailable applications, 
should be mapped against the cost for tools which could help to minimize this risk. 

In about every case it should be much cheaper to cover the risk by available tools, as taking 

the risk and hoping for the best.what usually ends up in the worst. 

The tool offered by IBM in this area is ONTOP (ONline Technical OPeration). 

The ONTOP “central point of control concept” guaranties problems to be solved as fast as 
possible. Customers who have decided to go for ONTOP just get plugged in there systems 
into the optimized ONTOP infrastructure. This assures highest efficiency and maximal 
transparency during problem life time. 



As shown above, all the possible activities from opening the problem up to closing the 
problem will be done under the control of ONTOP. This makes every step secure, reliable and 
save. The process itself is iterative and may need several cycles until a solution can be 
provided. 


Advantages of ONTOP 

1. Problem management in a save, trusted, reliable and secure environment 

2. Total process control from opening the problem up to closing the problem 

3. Full coverage of all problem solving activities under one common user access 

4. Analysis of problems directly on customer systems by the best skill available 

5. Capturing of problem data can be supported by IBM experts 

6. Problem tracking / trend analyzing on customer systems is possible 

7. Only failure data of complex problems need to be transferred to IBM 

8. Usage of the ONTOP infrastructure for non defect support 
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2 ONTOP Customer Service 

The ONTOP customer service is offered to IBM zOS customers along with software service 
maintenance contracts. 

There is TSO/ONTOP for online support and BTOP to support data transfer. 

TSO/ONTOP is a tool for remote failure analysis. Software service experts connected to the 
IBM network can analyze problems directly in the predefined ONTOP environment on 
customer systems. 

TSO/ONTOP => Bring the expert to the problem and not the problem to the expert 
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BTOP is a tool for mass data transfer between IBM and customers. To be able, to solve very 
complex and time consuming problems, what only can be done in the labs by using special 
tools, software service experts can transfer problem data directly to the related labs. 

BTOP => Bring complex problems to where they can be handled 
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The ONTOP customer service is available since 1986. In the beginning it was based on SNA 
point to point connections. Non switched SNA connections did follow in 1990. Switched 
SNA connections became available in 1996. Since 1999 switched IP connections are ONTOP 
standard. 
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3 ONTOP Philosophy 

Optimized software services infrastructure by using a “central point of control” concept. 
All tools used by the software service experts during problem life time are available under 
one CUA (Common User Access) 

This concept assures the shortest problem life time possible. 



Used Tools: 

1. NVAS/ONTOP 

2. TSO/ONTOP 

3. OPUS 

4. BTOP 

5. ONT721 

6. LTOP 

7. RETAIN 


Central Point of Control 

Analysis of problems on customer systems 

ONTOP administration data 

Mass data transfer between IBM and customers 

IBM internal problem analyzing environment 

IBM internal data transfer environment to the labs 

IBM problem reporting tool 


The problem solution process is iterative and my need to redo one of the steps. 
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4 ONTOP User View 




By using NVAS/ONTOP as “central point of control”, the software service expert has access 
to all the tools necessary during problem life time. 

Where OPUS, ONT721 and LTOP are IBM internal tools, Retain is the tool used by IBM and 
customers and TSO/ONTOP and BTOP are the tools offered to customers. 
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5 Data Security 

Data security demands data classification. 

So everybody being owner of data must classify it’s data and only allow access to the data 
based on this classification. 

Customer data being under control of IBM is always treated as IBM confidential. 

Each IBM employee accepts, based on his working contract (which reflects to IBM policies 
and security guidelines), to do so. 

Further on IBM will accept all legal data security guidelines issued by countries where IBM 
customers are located. 

To make sure those security guidelines are followed, IBM has implemented all the necessary 
technical and organizational standards. 

In all years ONTOP is now available no security conflict has been reported, what proofs the 
implemented security standards. 


28.10.02 


IBM Global Services TTS-SD 


Page 7 







ONTOP FLYER 


6 Technical Description TSO/ONTOP 

TSO/ONTOP is based on an online connection between IBM (IT Center in Mainz) and 
customers. It is an ONTOP exclusive environment including NVAS/ONTOP on the IBM 
side, a network connection and the failure analysis component (TSO/ONTOP) on the 
customer side. 

Components of TSO/ONTOP 

• NetView Access application (NVAS/ONTOP) on IBM side 

• ISDN/PPP/IP public network connection, or IPSec/VPN Internet connection 

• TSO/REXX/ISPF application on customer side 

NetView Access Application (NVAS/ONTOP) 

NVAS/ONTOP on the IBM side is a certified “Security Gateway” which guarantees 
controlled and documented access between IBM and customer systems. 

Network connection 

The network connection is implemented as switched ISDN/PPP/IP over the public network, 
or as an IPSec/VPN Internet connection. The ONTOP network gateway is located at the IBM 
IT-Center in Mainz. The connection to customer systems is established when the IBM 
specialist selects a customer in NVAS/ONTOP. NVAS/ONTOP calls TELNET, which 
activates the predefined ONTOP network infrastructure. After 30 minutes of idle time, or on 
request of the specialist the connection is closed again. 

TSO/REXX/ISPF Application 

The TSO/REXX/ISPF application provides a “Common User Access” CUA for IBM failure 
analysis tools in a predefined environment on customer systems. 
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7 Technical Description BTOP 

BTOP is the batch flavor of ONTOP. It’s goal is, to transfer mass data in a minimum of time 
between IBM and customers. To adapt to IBM security guidelines and the central point of 
control concept, it is implemented in a PUSH/PULL prinzip. 

BTOP Components 

• NetView Access Application (NVAS/ONTOP) on IBM side 

• ISDN/PPP/IP Multilink network connection 

• Technical Userid on customer side / BTOP application on IBM side 

NetView Access Application (NVAS/ONTOP) 

NVAS/ONTOP on the IBM side is a certified “Security Gateway” which guarantees 
controlled and documented access between IBM and customer systems. 

Network connection 

The network connection is implemented as ISDN/PPP/IP Multilink (256Kbps-2Mbps). 

It is a point to point connection over the public network between an router of the IBM 
IT-Center and the dialed customer router. 

The connection is established, when the IBM specialist selects a customer in NVAS/ONTOP. 
NVAS/ONTOP activates IP/FTP and the router which is using DoD (Dial on Demand) 
connects to the customer system. After end of data transfer, or 10 minutes of idle time the 
connection is closed again. 

BTOP Application 

The BTOP application is installed on the IBM ONTOP host MCEVSO. By entering the data 
set name of the data to be transferred in the BTOP menu and hitting the ENTER key, the 
IP-FTP JOB gets started and the data is transferred. 
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8 Access Security 

To respond to customer requests for higher security standards on IP connections, three levels 
of security are used. 

1. IBM side 

NVAS/ONTOP on the IBM side makes sure, that only people having userid/password 
for this system can get access to customer systems. All activities on the gateway will be 
logged and kept for 60 days. Access without using NVAS/ONTOP is not possible. 

2. Network connections 

a. ) ISDN/PPP/IP connections 

CHAP (Challenge Handshake Authentication Protocol) is used on the router link level. 
It uses a “3-Way Handshake” method, to guarantee authentication and protect the 
connection from unauthorized use. 

b. ) Internet connections 

IPSec is used between the two gateway router, to build a VPN (Virtual Private 
Network) over the Internet. This guaranties authentication and privacy. 

3. Customer side 

a. ) TSO/ONTOP 

TSO/ONTOP on the customer system can only be used If the IBM specialist can 
provide Userid/Password. 

b. ) BTOP 

BTOP can only be used if customer agrees to a technical userid and provides IBM 
(ONTOP persons) with Userid/Password for this userid. 


IBM will accept any additional protection method on the customer side, as long as it doesn’t 
hinder IBM when using ONTOP. 

ONTOP is certified as an IES (Inter Enterprise Security) Gateway according to the IBM 
security guideline ETCS302. 
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9 TSO/ONTOP User View 



Select application 
Escape key PA2 


Application Selection Help: 122-5003 Term: IVG$O303 

Date: 12/01/00 Time: 09:27:55 

User: HHDM Group: REGION4 

Broadcast: Printer: 

or enter command. LOGOFF command terminates all sessions. 
Command key PF10 and Prefix $$ Print key PF24 


ID 

Name 

Status M 

B Jump Key 

Application 

11 

Custl 

00:35 

PA2 

Customer 

1 

12 

Cust2 

01:34 

PA2 

Customer 

2 

13 

Cust3 

01:34 

PA2 

Customer 

3 

14 

Cust4 

01:34 

PA2 

Customer 

4 

15 

Cust5 

01:34 

PA2 

Customer 

5 

16 

Cust 6 

01:34 

PA2 

Customer 

6 

17 

Cust7 

00:35 

PA2 

Customer 

7 

18 

Cust8 

06:34 

PA2 

Customer 

8 

19 

Cust 9 

00:35 

PA2 

Customer 

9 

20 

CustlO 

06:34 

PA2 

Customer 

10 


COMMAND ==> 


PF l=Help 2=Lang 3=Disc 4=Keys 7=Backw 8=Forw 





An ONTOP user must logon to NVAS/ONTOP in order to go to the IBM ONTOP 
environment. Here he can select a customer he likes to pass to. In the background, transparent 
for the user, the session is established and the user can logon at the customer system. 

After having provided a valid userid/password, the ONTOP triangle should come up. 
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customer 

A BTOP user must first logon to NVAS/ONTOP to go to the IBM ONTOP environment. 
Here he passes to the BTOP group where he can select the customer he likes to pull/push data 
from/to. On the next menu he just types in the name of the data set to be transferred, hits 
ENTER and the IP-FTP/Job is started. 
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12 ONTOP Network View 
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